1. 02 Apr, 2020 2 commits
    • BAIRE Anthony's avatar
      add the container_migrate script · 13e204ea
      BAIRE Anthony authored
      13e204ea
    • BAIRE Anthony's avatar
      Add webapp deploy tokens · 7d01d42b
      BAIRE Anthony authored
      - add the Token model to store the authentication tokens
      - add the WebappTokenCreate & WebappTokenDelete views to manage
        the tokens
      - enable the docker panel in the WebappSandboxPanel
      - rename the jwt token class 'Token' as 'JwtToken'
        (to avoid any confusion)
      - enable access to the registry (only for pushing for the moment)
      
      close #44
      close allgo.inria.fr#5
      mitigates #227
      7d01d42b
  2. 23 May, 2019 2 commits
  3. 21 May, 2019 1 commit
    • sebastien letort's avatar
      django-nginx conf file has been reordered, and API location has been slightly... · 732f5c1c
      sebastien letort authored
      django-nginx conf file has been reordered, and API location has been slightly rewritten with inner locations.
      
      Here we conserved the CORS principles and make them used to all API, datastore included.
      Note that trying to get a file with the api (api/v1/datastore/...) will return a 404.
      -> but the end user has no reason to known this path.
      732f5c1c
  4. 02 May, 2019 1 commit
  5. 17 Sep, 2018 1 commit
  6. 31 Jul, 2018 1 commit
  7. 05 Jul, 2018 1 commit
  8. 03 Jul, 2018 1 commit
    • BAIRE Anthony's avatar
      seed refactoring · 13643f63
      BAIRE Anthony authored
      move the db seeding outside the django container_init script
      
      seeding is now performed by the bootstrap script directly (except called
      with --noseed). It consists of two parts:
       - seeding the db: with 3 users (admin@localhost, devel@localhots and
         user@localhost) and one webapp ('sleep' that has 1 version 'latest')
       - seeding the registry with one image: "localhost/sleep:latest" for the
         sleep webapp
      13643f63
  9. 27 Jun, 2018 2 commits
    • BAIRE Anthony's avatar
      introduce a special token for the controller · b0807974
      BAIRE Anthony authored
      Initially the authentication with the registry was performed with a TLS
      client certificate installed on the controller.
      
      The registry is now configured to use token-based authentication (to
      give access to the users), but unfortunately it cannot be configured to
      support multiple auth methods. So we have to provide a token for the
      controller.
      
      This is a 'God' token, it gives total access (pull and push) on all
      images.
      b0807974
    • BAIRE Anthony's avatar
      Add an auxiliary HTTP server (allgo.aio) for serving asynchronous requests · c5cd2bc1
      BAIRE Anthony authored
      There are two purposes:
      - implement server push (using long-lived HTTP requests) for:
          - sending status updates for the jobs and sandboxes
          - live-streaming of the job logs
      - have a really async implementation for pushing image manifests into
        the registry (the preliminary implementation in
        5451a6df was blocking)
      
      It is implemented with aiohttp.web (a lighweight HTTP framework,
      similar to what we can do with flask but asynchronously).
      
      The alternative would have been to use the django channels plugin, but:
      - it went through a major refactoring (v2) recently
      - it requires replacing unicorn with an ASGI server (daphne)
      - django-channels and daphne are not yet debian, and for the HTTP server
        i would prefer an implementation for which we have stable security
        updates
      
      (anyway this can be ported to django-channels later)
      
      The nginx config redirects the /aio/ path to this server (and the image
      manifests pushes too).
      
      The allgo.aio server interacts only with the nginx, reddis and django
      containers. It relies totally on the django server for authenticating
      the user and for accessing the mysql db (so there is no ORM).
      
      NOTE: in this design the django server has to trust blindly the requests
      coming from the allgo.aio server (for some endpoints). To prevent
      security issues, the nginx configuration is modified to set the header
      'X-Origin: nginx'. Thus django knowns who he can trust.
      
      This commits implements only the image pushs. Job updated and logs
      streaming will come in a later pull request.
      c5cd2bc1
  10. 19 Jun, 2018 2 commits
  11. 14 Jun, 2018 1 commit
  12. 13 Jun, 2018 2 commits
    • BAIRE Anthony's avatar
      add the reverse-proxy config for registry urls (/v2/) · 1e3477d8
      BAIRE Anthony authored
      - images manifest push/pull are routed through the django server
      - all other endpoints are routed directly to the registry
      
      
      On client-side the registry url is the is the same as the allgo server.
      The backend registry location is configured by the
      ALLGO_REGISTRY_PRIVATE_URL which is set to "http://{ENV}-registry"
      by default (i.e. 'http://dev-registry' in dev)
      
      
      Because the registry URL is configured at runtime (by the env
      var), the nginx config can no longer be static.
      /etc/nginc/conf.d/allgo.conf is generated at runtime
       (after loading the django config)
      1e3477d8
    • BAIRE Anthony's avatar
      Trust the X-Forwarded-* headers from the reverse proxy · d3a45dbc
      BAIRE Anthony authored
      
      This makes the config simpler, now that the reverse-proxy is required
      (because of the image push/pull endpoint routed through django)
      d3a45dbc
  13. 26 Apr, 2018 1 commit
  14. 19 Apr, 2018 5 commits
  15. 18 Apr, 2018 2 commits
  16. 16 Apr, 2018 2 commits
  17. 12 Apr, 2018 6 commits
  18. 09 Apr, 2018 1 commit
  19. 06 Apr, 2018 1 commit
  20. 30 Mar, 2018 1 commit
  21. 28 Mar, 2018 1 commit
  22. 08 Mar, 2018 3 commits